Hardening Plone, a military-strength CMS


Talk given by Kim Chee Leong and Kees Hink at the 2009 Plone Conference in Budapest (PloneConf2009)

Transcript of "Hardening Plone, a military-strength CMS"

Slide 1: Hardening Plone
    A Military-Strength CMS

Slide 2: Hardening Plone
    Hardening the Plone stack
    A Military-Strength CMS and its infrastructure

Slide 3: Class rules
●   Feel free to ask questions

Slide 4: About us
●   Kees Hink
    ●   Plone developer since January 2008
●   Kim Chee Leong
    ●   Plone developer since May 2007

Slide 5: Introduction
●   This talk is about:
    ●   Making the Plone stack even more secure
    ●   Not much about Plone itself
    ●   How to get others to acknowledge that it's secure
●   For whom?
    ●   New to Plone
    ●   Marketing
    ●   Developers

Slide 6: Overview of sections
●   Why security?
●   Our use case
●   Plone
●   Infrastructure
●   Audits (and feedback)

Slide 7: The internet is evil
●   Have to protect against:
    ●   Cross-site scripting
    ●   Unencrypted connections
    ●   Spoofing
    ●   Password cracking
    ●   Mail interception
    ●   Server hacking
    ●   SQL injection

Slide 8: SQL Injection
    Comic by XKCD: http://xkcd.com/327/

Slide 9: Our use case
●   Two portals:
    ●   Plone as a DMS for online collaboration
        –   Largely standard Plone
        –   Alternative to SharePoint
        –   Sensitive data
    ●   Plone as a user-friendly file upload system
        –   Document upload by suppliers
        –   User-friendly upload

Slide 10: Security of default Plone
●   Plone (Zope) is pretty secure by default
●   Quantitative comparison:
    –   Track the number of hits on Google
    –   See the number of vulnerabilities in the National Vulnerability Database
●   Qualitative comparison:
    –   See the article "Security overview of Plone" on plone.org

Slide 11: Small Plone modifications
●   Disable self-registration
●   Workflow + permissions
●   Additional products
    –   Aagje (activity log)
    –   LoginLockout

Slide 12: How to protect?
●   Let's start with a secure location

Slide 13: Infrastructure
●   Secure hosting
    ●   Trusted hosting partner
    ●   Secure hosting
    ●   Dedicated servers
●   Operating system
    ●   Security updates
●   Company procedures
    ●   Who has access?

Slide 14
●   Only the HTTPS port is opened to the internet
    ●   VPN-only access for all except HTTPS

Slide 15: Infrastructure: OS
●   Modifications on Debian Linux to enhance security
    –   Different system user for each Zope instance
    –   Regular security updates
    –   Tighten filesystem permissions

Slide 16: Infrastructure: Web server
●   Apache
    –   HTTPS
    –   Get an SSL certificate (Thawte, VeriSign)
    –   No rewrite rule for the Zope root
    –   Keep log files

Slide 17: SSL certificate

Slide 18: Just to keep your attention
    Comic from http://xkcd.com

Slide 19: Audits
●   Document your procedures
    ●   We are using parts of ITIL
●   Get audits
    ●   Technical audit
    ●   Process audit

Slide 20: Technical security audit
●   Done by a 3rd party
    ●   They have a checklist
    ●   They report back in a structured way
●   Black box audit
    ●   From outside, on the Plone portal
●   Crystal box audit
    ●   On the server, with root access
    ●   Check user permissions, etc.

Slide 21: Recommendations for Plone
●   Plone itself is pretty secure
●   Modifications:
    ●   Quota (file upload limit)
    ●   Cookie settings (HttpOnly, Secure), fixed with Apache
●   And, of course:
    ●   Disable self-registration, check workflow and permissions, use LoginLockout

Slide 22: Recommendations outside Plone
●   Modifications:
    ●   Use HTTPS only (no redirects from HTTP)
    ●   Paranoid user permission restrictions
    ●   Caching header control
●   And, of course:
    ●   Secure hosting, VPN, security updates, etc.
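The Apache-side measures from slides 16, 21 and 22 (HTTPS-only virtual host, no rewrite into the Zope root, HttpOnly and Secure cookie flags added in Apache, cache-control headers, log files kept) collected into one virtual host, as an added illustration that is not from the talk and not Plone's or Apache's own configuration. The hostname, the loopback port 8080 of the Zope instance, the site id "Plone" and the certificate paths are assumptions.

```apache
# Added example, not from the talk. Assumed: portal served as portal.example.org,
# Zope instance listening on 127.0.0.1:8080 only, Plone site id "Plone",
# certificates under /etc/ssl. Needs mod_ssl, mod_proxy, mod_rewrite, mod_headers.

# Slide 22: HTTPS only. There is deliberately no <VirtualHost *:80> block, so
# nothing listens on port 80 to redirect from; the firewall only opens 443 anyway
# (slide 14).
<VirtualHost *:443>
    ServerName portal.example.org

    # Slide 16: HTTPS with a certificate bought from a commercial CA.
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/portal.example.org.crt
    SSLCertificateKeyFile   /etc/ssl/private/portal.example.org.key
    SSLCertificateChainFile /etc/ssl/certs/ca-chain.crt

    # Slide 16: keep log files, one pair per virtual host, so the auditors
    # (and an incident responder) have a complete request history.
    ErrorLog  /var/log/apache2/portal-error.log
    CustomLog /var/log/apache2/portal-access.log combined

    # Slide 16: no rewrite rule for the Zope root. Every request is mapped into
    # the Plone site through VirtualHostMonster; /manage and the rest of the Zope
    # root never become reachable through this vhost. [P] proxies to the Zope
    # instance, which is bound to loopback and not exposed by the firewall.
    RewriteEngine On
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/https/%{SERVER_NAME}:443/Plone/VirtualHostRoot/$1 [L,P]

    # Slide 21: cookie flags fixed in Apache rather than in Plone. Plone's __ac
    # login cookie is rewritten on the way out with HttpOnly and Secure. "always"
    # is needed because the login response that sets the cookie is a redirect,
    # not a 200 response.
    Header always edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"

    # Slide 22: caching header control. Sensitive documents must not survive in
    # browser caches or on intermediaries once the session is over.
    Header always set Cache-Control "no-store, no-cache, must-revalidate, private"
    Header always set Pragma "no-cache"
    Header always set Expires "0"
</VirtualHost>
```

After a change, check the result from the outside rather than trusting the file: a request to the portal should come back with the Set-Cookie header carrying both flags, and a request for a path under the Zope root should land inside the Plone site rather than in the ZMI.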
Slide 23: Technical audit final result
●   We implemented these recommendations for the next audit, which was tested again and approved.

Slide 24: Process security audit
●   Done by our client's accountants
●   Check processes:
    ●   Talk about our server management documents (esp. security-related)
    ●   Talk about certification of the hosting partner
    ●   Talk to the technical auditing party
    ●   Talk to us, again...

Slide 25: Recommendations for Plone
●   Confidentiality and user agreement

Slide 26: Process audit final result
●   We passed!
    Image by Getty Images

Slide 27: Wrapping up
●   Done:
    ●   Think about how to secure our existing setup even more
    ●   Have specialists check our setup + procedures
    ●   Implement their recommendations
●   Result: Plone is officially 100% secure.

Slide 28: Remaining questions?